<?php  if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * Authentication System
 *
 * This class provides authentication functions that rely on the users_model
 * file to authenticate against the 'users' table in the database
 *
 * @author Casey McLaughlin
 * @package CIHeadStart
 * @link http://code.google.com/p/ciheadstart
 */
class Authentication extends MY_Library
{
	private $ci;

	/**
	 * Constructor
	 */
	function Authentication()
	{
		$this->ci =& get_instance();
		
		$this->ci->load->library('session');
		$this->ci->load->library('encrypt');
		
		$this->ci->load->model('users_model');
		$this->ci->load->model('users_roles_model');
	}
	
	// --------------------------------------------------------------------		

	/**
	 * Check to see if a username and password match
	 * what is in the database.
	 *
	 * @param string $user
	 * @param string $pass (Plaintext or SHA1 hashed password)
	 * @param boolean $hash_password If set to TRUE, this function will perform SHA1 on the password before checking it
	 * @return boolean
	 */
	function check_credentials($user, $pass, $hash_password = TRUE)
	{
		$user_info = $this->ci->users_model->retrieve_user($user, TRUE);
		
		if ( ! $user_info)
			return $this->_do_error("The user with name $user does not exist!");
		
		if ($hash_password)
			$pass = $this->ci->encrypt->sha1($pass);
				
		if (strcmp($user, $user_info->login) == 0 && $pass == $user_info->password)
			return TRUE;
		else
			return $this->_do_error("The user with credentials");
	}
	
	// --------------------------------------------------------------------		

	/**
	 * Establish session variables indicating the user has logged in
	 *
	 * This function should be one of the last things to happen as part of the
	 * login process.
	 *
	 * @param int $user_id
	 * @return boolean
	 */
	function set_login_session($user_id)
	{
		$unique_key = rand(10000, 99999);
			
		$this->ci->session->set_userdata(array('logged_in' => 'true', 'user_info' => $user_id, 'unique_key' => $unique_key));
		
		return TRUE;
	}
	
	// --------------------------------------------------------------------		

	/**
	 * Clear the user's login session
	 *
	 * This function should be called when the user logs out.
	 *
	 * @return boolean
	 */
	function clear_login_session()
	{
		if ($this->is_logged_in())
			$this->ci->session->unset_userdata(array('logged_in' => '', 'user_info' => '', 'unique_key' => ''));

		return TRUE;
	}
	
	// --------------------------------------------------------------------		

	/**
	 * Get current user ID
	 *
	 * If the user is logged in (session information exists), return the ID,
	 * otherwise perform an error.
	 *
	 * @return int
	 */
	function get_curr_user_id()
	{
		if ( ! $this->is_logged_in())
			return $this->_do_error("No login session exists!");
		
		return $this->ci->session->userdata('user_info');
	}

	// --------------------------------------------------------------------		

	/**
	 * Get current user unqiue key
	 *
	 * In addition to the session ID, a unique numeric key is generated for
	 * each user's session.  This function returns that key.
	 *
	 * @return string
	 */
	function get_curr_unique_key()
	{
		if ( ! $this->is_logged_in())
			return $this->_do_error("No login session exists!");
		
		return $this->ci->session->userdata('unique_key');
	}
	
	// --------------------------------------------------------------------		

	/**
	 * Checks to see if the user is logged-in, and optionally, assigned to
	 * a specific role in the server.
	 *
	 * If no argument is sent, this function simply checks to see if the user
	 * is logged in.
	 *
	 * If a role name is sent (correpsonding to the "roles" table in the database),
	 * then this function will only return TRUE if the user is logged in and is
	 * a member of that role.
	 *
	 * Test for multiple roles by joining them with the binary OR (|) operator.
	 * (e.g. is_logged_in("admin|power_user"))
	 *
	 * @param string $role
	 * @return boolean
	 */
	function is_logged_in($role = 'any')
	{
		//If any of the following aren't set, return false; the user isn't logged in correctly
		if ( $this->ci->session->userdata('logged_in') != 'true' OR ! is_numeric($this->ci->session->userdata('user_info')) OR ($this->ci->session->userdata('user_info') < 1) OR ! $this->ci->session->userdata('unique_key'))
			return FALSE;
			
		//If role is not set to any, then check the role
		if ($role != 'any')
		{
			if (strpos($role, "|"))
				$roles_to_allow = explode("|", strtolower(trim($role)));
			else
				$roles_to_allow = array($role);
				
			$user_role = $this->ci->users_model->retrieve_user($this->ci->session->userdata('user_info'))->roles_id;
			
			$user_role_name = $this->ci->users_roles_model->retrieve_single("`name` = '$user_role' OR `id` = '$user_role'")->name;
			
			if (in_array($user_role_name, $roles_to_allow))
				return TRUE;
			else 
				return FALSE;
		}
		else
			return TRUE; //if made it here, return true if logged in
	}
}

/* End of file authentication.php */
/* Location: ./app/libraries/authentication.php */